newrelic_rpm 9.12.0 → 9.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +38 -0
- data/README.md +16 -20
- data/lib/new_relic/agent/configuration/default_source.rb +30 -2
- data/lib/new_relic/agent/configuration/manager.rb +8 -0
- data/lib/new_relic/agent/instrumentation/active_merchant.rb +0 -13
- data/lib/new_relic/agent/instrumentation/delayed_job_instrumentation.rb +0 -19
- data/lib/new_relic/agent/instrumentation/excon.rb +0 -16
- data/lib/new_relic/agent/instrumentation/grape.rb +3 -1
- data/lib/new_relic/agent/instrumentation/opensearch/chain.rb +21 -0
- data/lib/new_relic/agent/instrumentation/opensearch/instrumentation.rb +66 -0
- data/lib/new_relic/agent/instrumentation/opensearch/prepend.rb +13 -0
- data/lib/new_relic/agent/instrumentation/opensearch.rb +25 -0
- data/lib/new_relic/agent/instrumentation/redis.rb +7 -5
- data/lib/new_relic/agent/instrumentation/sidekiq.rb +0 -14
- data/lib/new_relic/agent/instrumentation/sinatra.rb +0 -13
- data/lib/new_relic/agent/serverless_handler.rb +241 -12
- data/lib/new_relic/agent/serverless_handler_event_sources.json +155 -0
- data/lib/new_relic/agent/serverless_handler_event_sources.rb +49 -0
- data/lib/new_relic/agent/system_info.rb +14 -0
- data/lib/new_relic/agent/transaction/trace_context.rb +1 -1
- data/lib/new_relic/control/frameworks/grape.rb +14 -0
- data/lib/new_relic/control/frameworks/padrino.rb +14 -0
- data/lib/new_relic/control/frameworks/rails4.rb +4 -2
- data/lib/new_relic/environment_report.rb +6 -2
- data/lib/new_relic/language_support.rb +7 -1
- data/lib/new_relic/local_environment.rb +1 -4
- data/lib/new_relic/version.rb +1 -1
- data/lib/tasks/helpers/newrelicyml.rb +73 -11
- data/lib/tasks/instrumentation_generator/instrumentation.thor +1 -1
- data/lib/tasks/instrumentation_generator/templates/dependency_detection.tt +3 -3
- data/newrelic.yml +63 -54
- metadata +10 -2
@@ -45,6 +45,34 @@ module NewRelicYML
|
|
45
45
|
|
46
46
|
HEADER
|
47
47
|
|
48
|
+
SECURITY_BEGIN = <<-SECURITY
|
49
|
+
# BEGIN security agent
|
50
|
+
#
|
51
|
+
# NOTE: At this time, the security agent is intended for use only within
|
52
|
+
# a dedicated security testing environment with data that can tolerate
|
53
|
+
# modification or deletion. The security agent is available as a
|
54
|
+
# separate Ruby gem, newrelic_security. It is recommended that this
|
55
|
+
# separate gem only be introduced to a security testing environment
|
56
|
+
# by leveraging Bundler grouping like so:
|
57
|
+
#
|
58
|
+
# # Gemfile
|
59
|
+
# gem 'newrelic_rpm' # New Relic APM observability agent
|
60
|
+
# gem 'newrelic-infinite_tracing' # New Relic Infinite Tracing
|
61
|
+
#
|
62
|
+
# group :security do
|
63
|
+
# gem 'newrelic_security', require: false # New Relic security agent
|
64
|
+
# end
|
65
|
+
#
|
66
|
+
# NOTE: All "security.*" configuration parameters are related only to the
|
67
|
+
# security agent, and all other configuration parameters that may
|
68
|
+
# have "security" in the name somewhere are related to the APM agent.
|
69
|
+
|
70
|
+
SECURITY
|
71
|
+
|
72
|
+
SECURITY_END = <<-SECURITY
|
73
|
+
# END security agent
|
74
|
+
SECURITY
|
75
|
+
|
48
76
|
FOOTER = <<~FOOTER
|
49
77
|
# Environment-specific settings are in this section.
|
50
78
|
# RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
|
@@ -67,16 +95,35 @@ module NewRelicYML
|
|
67
95
|
FOOTER
|
68
96
|
|
69
97
|
def self.get_configs(defaults)
|
70
|
-
|
98
|
+
agent_configs = {}
|
99
|
+
security_configs = {}
|
100
|
+
|
101
|
+
defaults.sort.each do |key, value|
|
71
102
|
next if CRITICAL.include?(key) || SKIP.include?(key)
|
72
103
|
|
73
104
|
next unless public_config?(value) && !deprecated?(value)
|
74
105
|
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
106
|
+
# TODO: OLD RUBIES < 2.6
|
107
|
+
# Remove `to_s`. `start_with?` doesn't accept symbols in Ruby <2.6
|
108
|
+
if key.to_s.start_with?('security.')
|
109
|
+
description, default = build_config(key, value)
|
110
|
+
security_configs[key] = {description: description, default: default}
|
111
|
+
next
|
112
|
+
end
|
113
|
+
|
114
|
+
description, default = build_config(key, value)
|
115
|
+
agent_configs[key] = {description: description, default: default}
|
79
116
|
end
|
117
|
+
|
118
|
+
[agent_configs, security_configs]
|
119
|
+
end
|
120
|
+
|
121
|
+
def self.build_config(key, value)
|
122
|
+
sanitized_description = sanitize_description(value[:description])
|
123
|
+
description = format_description(sanitized_description)
|
124
|
+
default = default_value(key, value)
|
125
|
+
|
126
|
+
[description, default]
|
80
127
|
end
|
81
128
|
|
82
129
|
def self.public_config?(value)
|
@@ -126,15 +173,30 @@ module NewRelicYML
|
|
126
173
|
end
|
127
174
|
end
|
128
175
|
|
129
|
-
def self.
|
130
|
-
|
131
|
-
|
176
|
+
def self.agent_configs_yml(agent_configs)
|
177
|
+
agent_yml = ''
|
178
|
+
agent_configs.each do |key, value|
|
179
|
+
agent_yml += "#{value[:description]}\n # #{key}: #{value[:default]}\n\n"
|
180
|
+
end
|
181
|
+
|
182
|
+
agent_yml
|
183
|
+
end
|
132
184
|
|
133
|
-
|
134
|
-
|
185
|
+
def self.security_configs_yml(security_configs)
|
186
|
+
security_yml = ''
|
187
|
+
security_configs.each do |key, value|
|
188
|
+
security_yml += "#{value[:description]}\n # #{key}: #{value[:default]}\n\n"
|
135
189
|
end
|
136
190
|
|
137
|
-
|
191
|
+
security_yml
|
192
|
+
end
|
193
|
+
|
194
|
+
def self.build_string(defaults)
|
195
|
+
agent_configs, security_configs = get_configs(defaults)
|
196
|
+
agent_string = agent_configs_yml(agent_configs)
|
197
|
+
security_string = security_configs_yml(security_configs)
|
198
|
+
|
199
|
+
agent_string + SECURITY_BEGIN + security_string + SECURITY_END + "\n"
|
138
200
|
end
|
139
201
|
|
140
202
|
# :nocov:
|
@@ -103,7 +103,7 @@ class Instrumentation < Thor
|
|
103
103
|
<<-CONFIG
|
104
104
|
:'instrumentation.#{snake_name}' => {
|
105
105
|
:default => 'auto',
|
106
|
-
:documentation_default => 'auto'
|
106
|
+
:documentation_default => 'auto',
|
107
107
|
:public => true,
|
108
108
|
:type => String,
|
109
109
|
:dynamic_name => true,
|
@@ -12,16 +12,16 @@ DependencyDetection.defer do
|
|
12
12
|
depends_on do
|
13
13
|
# The class that needs to be defined to prepend/chain onto. This can be used
|
14
14
|
# to determine whether the library is installed.
|
15
|
-
defined?(
|
15
|
+
defined?(<%= @class_name %>)
|
16
16
|
# Add any additional requirements to verify whether this instrumentation
|
17
17
|
# should be installed
|
18
18
|
end
|
19
19
|
|
20
20
|
executes do
|
21
|
-
|
21
|
+
NewRelic::Agent.logger.info('Installing <%= @name.downcase %> instrumentation')
|
22
22
|
|
23
23
|
if use_prepend?
|
24
|
-
prepend_instrument
|
24
|
+
prepend_instrument <%= @class_name %>, NewRelic::Agent::Instrumentation::<%= @class_name %>::Prepend
|
25
25
|
else
|
26
26
|
chain_instrument NewRelic::Agent::Instrumentation::<%= @class_name %>::Chain
|
27
27
|
end
|
data/newrelic.yml
CHANGED
@@ -509,6 +509,10 @@ common: &default_settings
|
|
509
509
|
# prepend, chain, disabled.
|
510
510
|
# instrumentation.net_http: auto
|
511
511
|
|
512
|
+
# Controls auto-instrumentation of the opensearch-ruby library at start-up. May
|
513
|
+
# be one of auto, prepend, chain, disabled.
|
514
|
+
# instrumentation.opensearch: auto
|
515
|
+
|
512
516
|
# Controls auto-instrumentation of Puma::Rack. When enabled, the agent hooks
|
513
517
|
# into the to_app method in Puma::Rack::Builder to find gems to instrument
|
514
518
|
# during application startup. May be one of: auto, prepend, chain, disabled.
|
@@ -607,6 +611,12 @@ common: &default_settings
|
|
607
611
|
# When true, the agent transmits data about your app to the New Relic collector.
|
608
612
|
# monitor_mode: true
|
609
613
|
|
614
|
+
# If true, the agent captures OpenSearch queries in transaction traces.
|
615
|
+
# opensearch.capture_queries: true
|
616
|
+
|
617
|
+
# If true, the agent obfuscates OpenSearch queries in transaction traces.
|
618
|
+
# opensearch.obfuscate_queries: true
|
619
|
+
|
610
620
|
# If true, uses Module#prepend rather than alias_method for ActiveRecord
|
611
621
|
# instrumentation.
|
612
622
|
# prepend_active_record_instrumentation: false
|
@@ -645,60 +655,6 @@ common: &default_settings
|
|
645
655
|
# ignoring specific transactions.
|
646
656
|
# rules.ignore_url_regexes: []
|
647
657
|
|
648
|
-
# BEGIN security agent
|
649
|
-
#
|
650
|
-
# NOTE: At this time, the security agent is intended for use only within
|
651
|
-
# a dedicated security testing environment with data that can tolerate
|
652
|
-
# modification or deletion. The security agent is available as a
|
653
|
-
# separate Ruby gem, newrelic_security. It is recommended that this
|
654
|
-
# separate gem only be introduced to a security testing environment
|
655
|
-
# by leveraging Bundler grouping like so:
|
656
|
-
#
|
657
|
-
# # Gemfile
|
658
|
-
# gem 'newrelic_rpm' # New Relic APM observability agent
|
659
|
-
# gem 'newrelic-infinite_tracing' # New Relic Infinite Tracing
|
660
|
-
#
|
661
|
-
# group :security do
|
662
|
-
# gem 'newrelic_security', require: false # New Relic security agent
|
663
|
-
# end
|
664
|
-
#
|
665
|
-
# NOTE: All "security.*" configuration parameters are related only to the
|
666
|
-
# security agent, and all other configuration parameters that may
|
667
|
-
# have "security" in the name some where are related to the APM agent.
|
668
|
-
#
|
669
|
-
|
670
|
-
# If true, the security agent is loaded (a Ruby 'require' is performed)
|
671
|
-
# security.agent.enabled: false
|
672
|
-
|
673
|
-
# The port the application is listening on. This setting is mandatory for
|
674
|
-
# Passenger servers. Other servers should be detected by default.
|
675
|
-
# security.application_info.port: nil
|
676
|
-
|
677
|
-
# If true, enables deserialization detection
|
678
|
-
# security.detection.deserialization.enabled: true
|
679
|
-
|
680
|
-
# If true, enables RCI (remote code injection) detection
|
681
|
-
# security.detection.rci.enabled: true
|
682
|
-
|
683
|
-
# If true, enables RXSS (reflected cross-site scripting) detection
|
684
|
-
# security.detection.rxss.enabled: true
|
685
|
-
|
686
|
-
# If true, the security agent is started (the agent runs in its event loop)
|
687
|
-
# security.enabled: false
|
688
|
-
|
689
|
-
# Defines the mode for the security agent to operate in. Currently only IAST is
|
690
|
-
# supported
|
691
|
-
# security.mode: IAST
|
692
|
-
|
693
|
-
# Defines the request body limit to process in security events (in KB). The
|
694
|
-
# default value is 300, for 300KB.
|
695
|
-
# security.request.body_limit: 300
|
696
|
-
|
697
|
-
# Defines the endpoint URL for posting security-related data
|
698
|
-
# security.validator_service_url: wss://csec.nr-data.net
|
699
|
-
|
700
|
-
# END security agent
|
701
|
-
|
702
658
|
# Applies Language Agent Security Policy settings.
|
703
659
|
# security_policies_token: ""
|
704
660
|
|
@@ -916,6 +872,59 @@ common: &default_settings
|
|
916
872
|
# Foundry environment.
|
917
873
|
# utilization.detect_pcf: true
|
918
874
|
|
875
|
+
# BEGIN security agent
|
876
|
+
#
|
877
|
+
# NOTE: At this time, the security agent is intended for use only within
|
878
|
+
# a dedicated security testing environment with data that can tolerate
|
879
|
+
# modification or deletion. The security agent is available as a
|
880
|
+
# separate Ruby gem, newrelic_security. It is recommended that this
|
881
|
+
# separate gem only be introduced to a security testing environment
|
882
|
+
# by leveraging Bundler grouping like so:
|
883
|
+
#
|
884
|
+
# # Gemfile
|
885
|
+
# gem 'newrelic_rpm' # New Relic APM observability agent
|
886
|
+
# gem 'newrelic-infinite_tracing' # New Relic Infinite Tracing
|
887
|
+
#
|
888
|
+
# group :security do
|
889
|
+
# gem 'newrelic_security', require: false # New Relic security agent
|
890
|
+
# end
|
891
|
+
#
|
892
|
+
# NOTE: All "security.*" configuration parameters are related only to the
|
893
|
+
# security agent, and all other configuration parameters that may
|
894
|
+
# have "security" in the name somewhere are related to the APM agent.
|
895
|
+
|
896
|
+
# If true, the security agent is loaded (a Ruby 'require' is performed)
|
897
|
+
# security.agent.enabled: false
|
898
|
+
|
899
|
+
# The port the application is listening on. This setting is mandatory for
|
900
|
+
# Passenger servers. Other servers should be detected by default.
|
901
|
+
# security.application_info.port: nil
|
902
|
+
|
903
|
+
# If true, enables deserialization detection
|
904
|
+
# security.detection.deserialization.enabled: true
|
905
|
+
|
906
|
+
# If true, enables RCI (remote code injection) detection
|
907
|
+
# security.detection.rci.enabled: true
|
908
|
+
|
909
|
+
# If true, enables RXSS (reflected cross-site scripting) detection
|
910
|
+
# security.detection.rxss.enabled: true
|
911
|
+
|
912
|
+
# If true, the security agent is started (the agent runs in its event loop)
|
913
|
+
# security.enabled: false
|
914
|
+
|
915
|
+
# Defines the mode for the security agent to operate in. Currently only IAST is
|
916
|
+
# supported
|
917
|
+
# security.mode: IAST
|
918
|
+
|
919
|
+
# Defines the request body limit to process in security events (in KB). The
|
920
|
+
# default value is 300, for 300KB.
|
921
|
+
# security.request.body_limit: 300
|
922
|
+
|
923
|
+
# Defines the endpoint URL for posting security-related data
|
924
|
+
# security.validator_service_url: wss://csec.nr-data.net
|
925
|
+
|
926
|
+
# END security agent
|
927
|
+
|
919
928
|
# Environment-specific settings are in this section.
|
920
929
|
# RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
|
921
930
|
# If your application has other named environments, configure them here.
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: newrelic_rpm
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 9.
|
4
|
+
version: 9.13.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tanna McClure
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2024-
|
14
|
+
date: 2024-08-22 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: bundler
|
@@ -484,6 +484,10 @@ files:
|
|
484
484
|
- lib/new_relic/agent/instrumentation/net_http/instrumentation.rb
|
485
485
|
- lib/new_relic/agent/instrumentation/net_http/prepend.rb
|
486
486
|
- lib/new_relic/agent/instrumentation/notifications_subscriber.rb
|
487
|
+
- lib/new_relic/agent/instrumentation/opensearch.rb
|
488
|
+
- lib/new_relic/agent/instrumentation/opensearch/chain.rb
|
489
|
+
- lib/new_relic/agent/instrumentation/opensearch/instrumentation.rb
|
490
|
+
- lib/new_relic/agent/instrumentation/opensearch/prepend.rb
|
487
491
|
- lib/new_relic/agent/instrumentation/padrino.rb
|
488
492
|
- lib/new_relic/agent/instrumentation/padrino/chain.rb
|
489
493
|
- lib/new_relic/agent/instrumentation/padrino/instrumentation.rb
|
@@ -606,6 +610,8 @@ files:
|
|
606
610
|
- lib/new_relic/agent/samplers/object_sampler.rb
|
607
611
|
- lib/new_relic/agent/samplers/vm_sampler.rb
|
608
612
|
- lib/new_relic/agent/serverless_handler.rb
|
613
|
+
- lib/new_relic/agent/serverless_handler_event_sources.json
|
614
|
+
- lib/new_relic/agent/serverless_handler_event_sources.rb
|
609
615
|
- lib/new_relic/agent/span_event_aggregator.rb
|
610
616
|
- lib/new_relic/agent/span_event_primitive.rb
|
611
617
|
- lib/new_relic/agent/sql_sampler.rb
|
@@ -668,6 +674,8 @@ files:
|
|
668
674
|
- lib/new_relic/control/class_methods.rb
|
669
675
|
- lib/new_relic/control/frameworks.rb
|
670
676
|
- lib/new_relic/control/frameworks/external.rb
|
677
|
+
- lib/new_relic/control/frameworks/grape.rb
|
678
|
+
- lib/new_relic/control/frameworks/padrino.rb
|
671
679
|
- lib/new_relic/control/frameworks/rails.rb
|
672
680
|
- lib/new_relic/control/frameworks/rails3.rb
|
673
681
|
- lib/new_relic/control/frameworks/rails4.rb
|